Credit authorization system and method

ABSTRACT

A system and method for preventing credit card fraud by comparing the location of a given transaction with the location of a predetermined communication device is provided.

FIELD OF THE INVENTION

[0001] The present invention relates to a system and method forpreventing credit card fraud by comparing the location of a giventransaction with the location of a predetermined communication device.

BACKGROUND OF THE INVENTION

[0002] Millions of individuals enjoy the convenience of utilizingtransaction cards such as credit cards, charge cards, debit cards,and/or currency or “smart” cards as a convenient way in which topurchase goods and/or services. By utilizing transaction cards, anindividual may enter into a transaction without having to have cash orcurrency in hand or otherwise. In the case of credit cards and chargecards, the individual, in effect obtains an instant loan of the fundsneeded to make a purchase and/or enter into a transaction. In the caseof currency or “smart” cards, the individual may “store” an amount ofmoney on the card(s) and, thereafter, utilize the card(s), instead ofcash or currency, in order to make purchases and/or enter intotransactions.

[0003] Millions of individuals also enjoy the benefits of having savingsaccounts, checking accounts and/or automated teller machine accountswhich allow then to enjoy the security of saving their money in accountswhich are usually insured and which allow them to, in some instances,earn interest on their money. In the case of checking accounts,individuals enjoy the convenience of writing checks and/or othertransaction instruments which allow them to draw against their moneywithout having to undergo the inconvenience of going to the bank orfinancial institution to withdraw their money, in currency form, andtraveling to, in some cases, a distant location to either make apurchase, payment and/or to otherwise settle an account. In this regard,the ability to write checks, drafts and/or other instruments against anaccount is a very convenient manner in which to conduct transactions ofany kind.

[0004] Many individuals also enjoy the convenience of owning and/orusing wireless, mobile or cellular telephones or devices as a means bywhich to make telephone calls when a conventional line or permanenttelephone is not within reach and/or when the individual is “on the go”,such as in an automobile, on foot, and/or in any other type ofenvironment, such as away from home, when a conventional line orpermanently fixed telephone is not available.

[0005] Unfortunately, with the convenience of each of the above creditcards, charge cards, debit cards, and/or currency or “smart” cards,savings accounts, checking accounts, automated teller machine accounts,and cellular telephones or cellular communications devices, comes manydisadvantages and the opportunity for theft and/or fraud. In the case ofcredit cards, charge cards and/or debit cards, hundreds of millions, ifnot billions, of dollars a year are lost as a result of the theft of,and/or the fraudulent use of, credit cards, charge cards and/or debitcards, or the account numbers which correspond thereto.

[0006] A lost or stolen card may be utilized by an unauthorizedindividual to spend upwards of thousands of dollars before theunauthorized use is detected and/or before the cardholder can ascertain,and/or be notified, either by the card issuer or servicing institutionor when the cardholder detects the unauthorized transaction on his orher monthly account statement, that the card is lost or stolen.Similarly, even in the absence of the physical card, an unauthorizedindividual may utilize the account number which corresponds to the cardin order to make certain transactions, for example by telephone or theInternet.

[0007] While card holders are usually protected by various types ofcoverage which shield them from the liabilities associated with thefraudulent use of a card or the corresponding account number, the cardissuers, credit, charge and/or debit card issuing companies and/orinstitutions, and/or their insurance companies end up paying for theabove described thefts and/or fraudulent and/or unauthorized uses.Ultimately, the consumer also shoulders the burden of the costsassociated with these thefts and/or fraudulent and/or unauthorized usesin the form of increased prices.

[0008] While authorization terminals and/or devices are utilized at apoint-of-sale and/or at the vendor's, the seller's, or the serviceprovider's, location, these authorization terminals and/or devicestypically are utilized to obtain an authorization from the card issueror account servicing institution, which usually entails a screening ofwhether the card has been lost, stolen, cancelled, de-activated and/orwhether the cardholder has exceeded and/or will exceed his or her creditlimit. This current authorization practice fails to prevent the use of alost or stolen card, or the unauthorized use of either the card or theaccount number corresponding thereto, if the card has not been reported,and/or discovered, to be lost, stolen or used without authorizationand/or if the account credit limit has not yet been reached.

[0009] Current practices do not entail and/or do not include theprovision for obtaining an authorization, and/or for providing notice tothe cardholder before, during and/or shortly after a transaction, whichcardholder authorization and/or notification procedure would be helpfuland prove to be essential in preventing the fraudulent use and/orunauthorized use of a card and/or the account number correspondingthereto, in an unauthorized transaction and/or shortly after anunauthorized transaction has occurred, thereby minimizing the fraudulentand/or unauthorized use of the card and/or the account numbercorresponding thereto.

[0010] In the case of currency or “smart” cards, which typically mayserve as bearer instruments, the monetary credit on these cards may becompletely depleted before the card owner even discovers same to be lostor stolen.

[0011] In the case of savings accounts, checking accounts, and/orautomated teller machine accounts, these accounts may be accessed, andfunds be withdrawn, without the account owner's notification and/orknowledge. In the case of savings accounts and checking accounts, theseaccounts may be accessed, and/or funds may be withdrawn therefrom, whenchecks drawn on insufficient funds are returned, and/or when the accountnumber is inadvertently and/or fraudulently utilized in an endorsement,or otherwise, by an individual attempting to cash or perform atransaction with a fraudulent instrument, a forged instrument and/or anotherwise “bad” check. In these instances, the accounts and/or fundsinvolved are usually accessed, invaded, and/or withdrawn from theaccount involved without the account owner being notified and/or havinga say in the matter.

[0012] The account owners are typically notified of the above-describedactivity involving their account days later when they either receive amailed notice and/or when they receive and review their monthly orperiodic statement, which notice may be received at a time when it maybe too late for the account owner to stop or reverse the transactionand/or, in the case of a check or draft returned for insufficient funds,at a time which is too late for the account owner to attempt to collectthe funds. In the case of automated teller machine accounts, theseaccounts may be accessed, such as with a lost, stolen, or counterfeitcard and/or with a card account number(s) and/or associated personalidentification number(s), by a thief or by any other unauthorized personwho could then make an unauthorized withdrawal(s) therefrom.

[0013] Once again, account owners would not receive notification and/orhave knowledge of the unauthorized transaction until they are notifiedby the bank or financial institution either via a monthly and/orperiodic statement, and/or when they attempt a transaction at theautomated teller machine and, at that time, discover that funds aremissing and/or have been withdrawn. In the case of savings accounts,checking accounts and/or automated teller machine accounts, there is nopresent apparatus or method by which to link the location of acommunication device with authorization of a transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] The novel features believed characteristic of the invention areset forth in the appended claims. The invention itself however, as wellas a preferred mode of use, further objects and advantages thereof, willbest be understood by reference to the following detailed description ofan illustrative embodiment when read in conjunction with theaccompanying drawings, wherein:

[0015]FIG. 1 is a block diagram of a network suitable for use in thepresent invention;

[0016]FIG. 2 is a block diagram of components found in FIG. 1;

[0017]FIG. 3 is a flow chart illustrating the steps taken in oneembodiment of the present invention; and

[0018]FIG. 4 is a block diagram of an exemplary database 106 found inFIG. 1.

SUMMARY OF THE INVENTION

[0019] One aspect of the present invention relates to a method forauthorizing transactions against an account. The account may be acredit, debit or other transaction account. A transaction is receivedthat includes a request for authorization to charge an amount againstthe account. An ID for a communication device associated with theaccount is retrieved and the location of the communication device isdetermined. The location of the transaction is determined and comparedwith the location of the device. The request is then processed based onthe location information received. The request is preferably denied whenthe location of the transaction is different from the location of thedevice. Alternatively, the request preferably is authorized when thelocation of the transaction is the same as the location of the device.

[0020] A system for authorizing transactions against an account is alsoprovided. The system includes an input device adapted to receive atransaction that includes a request for authorization to charge anamount against the account. A means for retrieving an ID for acommunication device associated with the account is provided. The inputdevice is coupled for data communications with the retrieving means. Ameans for determining the location of the communication device, a meansfor determining the location of the transaction, a means for comparingthe location of the transaction with the location of the device, and ameans for processing the request are also provided.

[0021] All objects, features, and advantages of the present inventionwill become apparent in the following detailed written description.

DETAILED DESCRIPTION OF THE INVENTION

[0022] The present invention is directed to a system and method forreducing fraudulent transactions involving credit or debit typetransaction cards. Briefly, the location of the transaction is comparedto the real time physical location of a pre-defined communicationdevice. Where the locations are the same, the transaction is authorizedand where the locations are not the same, the transaction is denied. Atransaction card account holder may set one or more device locations forverifying the location of the card holder at the time of a transaction.

[0023] With reference now to the figures, and, in particular, withreference now to FIG. 1, there is depicted a block diagram of a networkenvironment in which the present invention may be implemented. While thepresent invention is described with reference to one type of networkenvironment, it will be understood by one with skill in the art that thepresent invention may be implemented in alternate types of networkenvironments.

[0024]FIG. 1 is a schematic diagram of a network in accordance with oneembodiment of the present invention. The figures describe the presentinvention with reference to a merchant transaction however, it should benoted that the invention is applicable to transactions where a merchantis not present, for example, a transaction at an automated tellermachine. A transaction card is initially read at a point of saleterminal 102 at a merchant's location. The point of sale terminal 102,contacts a transaction service provider or central computer 104,typically via a telephone call. When the phone call is connected, thepoint of sale terminal 102 initializes communication with the serviceprovider central computer 104. The service provider typically validatesthe transaction card. This may include checking with the actual cardissuer to make sure the proposed procurement would not exceedpredetermined maximum purchase limits. The central computer 104 maycontain a database 106 containing at least one device ID 114 for anaccount holder's communication device 112 and optionally a database 108containing card limits.

[0025] The point-of-sale authorization terminal 102 may be any of thewidely used and well known terminals or devices for providingpoint-of-sale authorization for transactions involving credit cards,charge cards, debit cards and/or other currency or “smart” cards. Thepoint-of-sale terminal 102 may be utilized at the location of the goodsand/or service provider, such as the retail store or office, automatedteller machine, and/or a self-serve vendor location, for example a gaspump or vending machine.

[0026] Typically, the terminals and devices for providing point-of-saleauthorization comprise and utilize a magnetic card reader and/ormagnetic strip card reader, for reading data from transaction cards. Thepoint-of-sale terminal 102 transmits an authorization request which mayinclude the data pertaining to the particular card utilized in thetransaction and the amount of the transaction, over a communicationsmedium, to a central processing computer for processing the transactionrequest and/or the authorization request pertaining thereto.

[0027] The point-of-sale terminal 102 also receives the authorizationand/or authorization data and/or information from the central processingcomputer 104. A printed transaction receipt may also be provided atand/or obtained via the point-of-sale terminal 102, or peripheral deviceassociated therewith, for printing a transaction receipt which isusually or typically signed by the card holder in completing thetransaction. The point-of-sale terminal 102 may be designed to readother data besides and/or in addition to magnetic card data. Thepoint-of-sale terminal 102 may also comprise, or have associatedtherewith, a keypad for the manual entry of transaction informationand/or data, such as the amount of the transaction. The point-of-saleterminal 102 may also be an integral component of a cash register orother transaction terminal or device which may provide for the automaticentry of transaction information and/or data.

[0028] The central processing computer 104 may service any predefinedgroup of cardholders. For example, the central processing computer 104may handle all MASTERCARD transactions for a given financial and/orcredit institution. The central processing computer 104, for example,may process transaction cards such as, credit cards, charge cards, debitcards, and/or currency or “smart” cards and/or combinations of same, forexample, VISA, MASTERCARD, and/or AMERICAN EXPRESS cards and processand/or mange account information pertaining thereto. The centralprocessing computer 104 may also process accounts for any of the variousbanks and/or financial institutions which issue and/or manage creditcards, charge cards, debit cards and/or currency or “smart” cards(hereinafter referred to as “card” or “cards”) and/or process or managethese accounts.

[0029] The central processing computer 104 may be a mainframe computer,a mini-computer, a micro-computer, a server computer, such as thoseutilized in conjunction with on-line services and/or in a networkenvironment, and/or any other suitable computer or computer system.

[0030] In the preferred embodiment, the point-of-sale terminal 102 islinked and/or connected to the central processing computer 104 via atelecommunications system, link and/or medium (hereinafter referred toas “communications system”) such as, for example, a telephone network orline. It is important to note that the communications system which isutilized may be any communications system and may includetelecommunication systems, satellite communications systems, radiocommunication systems, digital communications systems, digital satellitecommunications systems, personal communications services (PCS)communication systems, as well as any other appropriate communicationssystem. The point-of-sale terminal 102 transmits signals and/or data tothe central processing computer 104 as well as receives signals and/ordata from the central processing computer 104.

[0031] The network shown in FIG. 1 also comprises a cardholdercommunication device 112 which may receive signals and/or data from thepoint-of-sale terminal 102 and/or the central processing computer 104.Communication device 112 has a device ID 114 associated therewith. Inthe preferred embodiment of FIG. 1, the communication device 112receives signals and data from the central processing computer 104 withsaid signals being transmitted via a suitable communication system 110.In the preferred embodiment, the communications system 110 utilized fortransmitting signals and/or data to the communication device 112 is awireless telephone line and the communication device 112 is a telephonesignal receiving device such as a telephone beeper or pager. Thecommunication device 112 or pager receives the wireless telephonesignals and/or data from the central processing computer 104 during theauthorization procedure as will be described in more detail below.

[0032] In the preferred embodiment, the communication device 112 is alsoequipped with a transmitter for transmitting signals and/or data to thecentral processing computer 104. In this regard, the central processingcomputer 104 transmits signals and/or data to the communication device112 as well as receives signals and/or data from the communicationdevice 112. The communication device 112 may also transmit signalsand/or data directly to the point-of-sale terminal 102 and receivesignals and/or data directly from the point-of-sale terminal 102. In thepreferred embodiment, the point-of-sale terminal 102 transmits signalsand/or data to the central processing computer 104 and receives signalsand/or data from the central processing computer 104. Further, in thepreferred embodiment, the communication device 112 receives signalsand/or data from the central processing. computer 104 and transmitssignals and/or data to the central processing computer 104.

[0033] In particular, the communication device 112 is adapted totransmit its physical location to the central computer. Communicationdevice 112 may contain a Global Positioning System (GPS) device, wherebythe device 112 can transmit its location to the central processingcomputer 104. Alternatively, the communication device 112 may be atelephone or pager which is part of a communication system equipped withlocation capabilities such as Enhanced 911. In this instance, thecommunication system is capable of determining the location of thedevice 112 and sending this information to the central computer 104.Themerchant's location may be verified through the vendor ID that istypically transmitted to the central computer 104 along with thetransaction information. In the case where the account holder ispurchasing goods or services with a vendor over the phone or via theInternet, the merchant location information can be changed to thelocation of the account holder, such that the two locations will match.To effect the change in merchant location, the account holder may entera unique character string or code to notify the central computer 104,that the merchant location should be changed. The merchant location maybe changed to the account holder's current location as verified by theircommunication device 112, or a default “home” setting may be used.Account holders may change the required character string or code atrandom, in order to prevent others from using their transaction card inthese types of purchases.

[0034] As noted above, the communication device 112 is preferably awireless device. In this regard, the communication device 112 or pagermay be carried by the cardholder and/or be kept on and/or close to thecardholder's person so that the central processing computer 104 maytransmit signals and/or data to the communication device 112 so as tocommunicate and physically locate the cardholder at any time.

[0035]FIG. 2 illustrates the various components of the apparatus shownin FIG. 1 where like numbers are used for like elements. In FIG. 2, thepoint-of-sale terminal 102, in the preferred embodiment, comprises acentral processing unit or CPU 116, a magnetic card reader 118, which isconnected to the CPU 116, associated random access memory 120 (RAM) andread only memory 122 (ROM) devices, which are also connected to the CPU116, a user input device 124, which is typically a keypad or othersuitable input device for inputting data into the terminal 102 and whichis also connected to the CPU 116, and a display device 126 fordisplaying information and/or data to a user.

[0036] The point-of-sale terminal 102 also comprises a transmitter 128for transmitting signals and/or data to the central processing computer104, and/or to the communication device 112 and/or to any other deviceassociated with the cardholder and/or the apparatus, if desired. Thetransmitter 128 is also connected to the CPU 116. The point-of-saleterminal 102 also comprises a receiver 130 for receiving signals and/ordata from the central processing computer 104, and from thecommunication device 112 and/or any other associated device which may beutilized, if desired. The receiver 130 is also connected to the CPU 116.The point-of-sale terminal 102 may also comprise a printer 132 or otherappropriate output device for outputting data to the user. The printer132 is also connected to the CPU 116.

[0037] In FIG. 2, the central processing computer 104, in the preferredembodiment, comprises a central processing unit or CPU 200, associatedrandom access memory 202 (RAM) and read only memory 204 (ROM) devices,which are connected to the CPU 200, a user input device 206, which is akeypad and/or any other suitable input device for inputting data intothe central processing computer 104 and which is also connected to theCPU 200 and a display device 208 for displaying information and/or datato a user or operator.

[0038] The central processing computer 104 also comprises atransmitter(s) 210 for transmitting signals and/or data to thepoint-of-sale terminal 102 and to the communication device 112. Thetransmitter(s) 210 is also connected to the CPU 200. The centralprocessing computer 104 also comprises a receiver(s) 212 for receivingsignals and/or data from the point-of-sale terminal 102 and from thecommunication device 112 and/or from any other suitable device which maybe utilized in conjunction with the apparatus 1. The receiver(s) 212 isalso connected to the CPU 200. The central processing computer 104, inany and/or all of the embodiments described herein, may utilize afax/modem and/or any other suitable computer communication device.

[0039] The central processing computer also comprises databases 106, 108which contains account information and data pertaining to thecardholders and/or to the cardholder accounts. The databases 106, 108contain information about the cardholder, the cardholders accountnumber, credit and/or account limits, communication device ID's andother information and/or data necessary to manage and/or process anaccount transaction as described herein. The databases 106, 108 are alsoconnected to the CPU 200. The central processing computer 104 may alsocomprise a printer 214 or other appropriate output device for outputtinginformation and/or data to a user or operator.

[0040] In FIG. 2, the communication device 112, in the preferredembodiment, comprises a central processing unit or CPU 216, associatedrandom access memory 218 (RAM) and read only memory 220 (ROM) devices,which are connected to the CPU 216, a user input device 222, which is akeypad or a plurality of keys and/or switches for inputting data intothe communication device 112 and which is also connected to the CPU 216,and a display device 224, for displaying information and/or data to thecardholder which is also connected to the CPU 216. The communicationdevice 112 also comprises a receiver 226 for receiving signals and/ordata from the central processing computer 104 and/or point of saleterminal 102 and which is also connected to the CPU 216, a transmitter228 for transmitting signals and/or data to the central processingcomputer 104 and/or point of sale terminal 102 and which is alsoconnected to the CPU 216.

[0041] In the preferred embodiment, the communication device 112 is amobile phone or a personal digital assistant (PDA) with locationidentification capabilities. A two-way pager and/or pager systems mayalso be utilized for implementing the respective component system(s) inthe communication device 112/central processing computer 104 combinationand/or link.

[0042] The system of the present invention may be utilized in order tofacilitate authorization, and/or security measures in financialtransactions involving credit cards, charge cards, debit cards, and/orcurrency or “smart” cards, in the manner described below and withreference to FIG. 1. In this manner, the method and system of thepresent invention may be utilized to verify the location of thecardholder in a card-related transaction.

[0043]FIG. 3 is a flow chart illustrating the steps generally taken inthis invention when an transaction card is used for the procurement ofgoods, services or distribution of currency.

[0044] In a merchant setting, initially, the user of a transaction cardselects merchandise or services to procure and presents the transactioncard for payment. The transaction card is swiped through a card readingdevice and the merchant enters the transaction amount, step 302. Whenthe transaction card is swiped through the card reading device, the cardreading device is activated and initiates contact with a remotetransaction card service provider, referred to as the central computer104 in FIG. 1, at step 304. The card reader is of the type known in theart to scan the card information from an information storage mediaaffixed to the card, e.g. magnetic strip, and initiates a phone call toa transaction card service provider. The remote transaction serviceprovider receives the transaction card information and transactionamount as entered by the merchant at step 302 and proceeds to retrieveaccount information related to the transaction card at step 306. Accountinformation includes a database containing device identificationinformation for at least one communication device provided by theaccount holder. The transaction card service provider obtains the deviceinformation and queries the device to determine the location of thedevice, step 310. The service provider also verifies the location of themerchant in step 308. The location of the merchant may be obtained fromthe vendor ID submitted with the transaction request or in thealternative, the account owner may specify a substitute vendor locationas described in more detail below. Steps 308 and 310 can be performed inany order. With the location information in hand, the remote transactionservice provider, then determines at step 312 whether the location ofthe communication device matches the location of the merchant. If thelocations do not match, then the transaction is denied, step 314. If thelocations do match, then the transaction is authorized, step 316.

[0045] As with current systems, the account service provider may querydatabase 108 to determine if the transaction amount has not exceeded thepredetermined account holder limit. If the transaction amount exceedsthe predetermined account holder spending limit, the transaction isdenied.

[0046] The method of communication between the service provider and theaccount holder communication device may be by mobile telephone, two-waypager, or other personal communications device.

[0047]FIG. 4 is a block diagram of an exemplary communication device IDdatabase 400 illustrated in FIG. 1 as database 106. Database 400includes device IDs for multiple devices including the account holder'smobile phone 402, pager 404, and home phone 410. If account holdersgives their transaction card to their child, for example, they maychange the device ID to their child's mobile phone number. In addition,the account holder has the option of turning the device ID feature offsuch that the transaction will be approved regardless of the location ofa given communication device.

[0048] While the invention has been particularly shown and describedwith reference to a preferred embodiment, it will be understood by thoseskilled in the art that various changes in form and detail may be madetherein without departing from the spirit and scope of the invention.

We claim:
 1. Method for authorizing transactions against an accountcomprising: receiving a transaction comprising a request forauthorization to charge an amount against the account; retrieving acommunication device ID for a device associated with the account;determining the location of the communication device; determining thelocation of the transaction; comparing the location of the transactionwith the location of the device; and processing the request.
 2. Themethod of claim 1 further comprising denying the request when thelocation of the transaction is different from the location of thedevice.
 3. The method of claim 1 further comprising authorizing therequest when the location of the transaction is the same as the locationof the device.
 4. The method of claim 1 wherein the request forauthorization is received at a merchant location.
 5. The method of claim1 further comprising validating the account.
 6. The method of claim 1further comprising determining whether the transaction is within apredefined credit limit.
 7. The method of claim 1 further comprisingsubstituting the location of the transaction with a predefined location.8. System for authorizing transactions against an account comprising: aninput device adapted to receive a transaction comprising a request forauthorization to charge an amount against the account; a means forretrieving a communication device ID for a communication deviceassociated with the account, wherein the input device is coupled fordata communications with the retrieving means; means for determining thelocation of the communication device; means for determining the locationof the transaction; means for comparing the location of the transactionwith the location of the device; and a means for processing the request.9. The system of claim 8 further comprising a means for denying therequest when the location of the transaction is different from thelocation of the device.
 10. The system of claim 8 further comprising ameans for authorizing the request when the location of the transactionis the same as the location of the device.
 11. The system of claim 8wherein the input device is located at a merchant location.
 12. Thesystem of claim 8 further comprising a means for validating the account.13. The system of claim 8 further comprising a means for determiningwhether the transaction is within a predefined credit limit.
 14. Acomputer program product for authorizing transactions against an accountcomprising: a recording medium; means, recorded on the recording medium,for receiving a transaction comprising a request for authorization tocharge an amount against the account; means, recorded on the recordingmedium, for retrieving a communication device ID for a device associatedwith the account; means, recorded on the recording medium, fordetermining the location of the communication device; means, recorded onthe recording medium, for determining the location of the transaction;means, recorded on the recording medium, for comparing the location ofthe transaction with the location of the device; and means, recorded onthe recording medium, for processing the request.
 15. The computerprogram product of claim 14 further comprising means, recorded on therecording medium, for denying the request when the location of thetransaction is different from the location of the device.
 16. Thecomputer program product of claim 14 further comprising means, recordedon the recording medium, for authorizing the request when the locationof the transaction is the same as the location of the device.
 17. Thecomputer program product of claim 14 further comprising means, recordedon the recording medium, for validating the account.
 18. The computerprogram product of claim 14 further comprising means, recorded on therecording medium, for determining whether the transaction is within apredefined credit limit.
 19. The computer program product of claim 14further comprising means, recorded on the recording medium, forsubstituting the location of the transaction with a predefined location.